If you do not encrypt the email content before(!) it leaves your own computer, then, yes, you can be targeted by these interfaces.

Therefore, encrypt in your own local mail client, do not rely on web browser interface encryption.

If you cannot trust your email provider, I cannot see how any encryption helps. If you trust your provider, then I cannot see how an encrypted IMAP connection is any more secure than an encrypted HTTP connection using the same algorithm and key lengths.

That's not what Posteo says about it, maybe you misunderstood that law, and I know that Posteo had some problems with authorities before and always defending their users. https://posteo.de/en/site/faq

Is Posteo affected by the reintroduction of data retention in Germany?

No, Posteo is not affected by data retention. You don't need to be concerned about the privacy of your Posteo emails. The law on the reintroduction of data retention ("Gesetz zur Einführung einer Speicherpflicht und einer Höchstspeicherfrist für Verkehrsdaten") completely excludes email providers. The entire area of email is excepted from retention.
In short, Posteo is not one of the affected parties. At Posteo, therefore, it remains the case that no data is retained.

If you cannot trust your email provider, I cannot see how any encryption helps. If you trust your provider, then I cannot see how an encrypted IMAP connection is any more secure than an encrypted HTTP connection using the same algorithm and key lengths.

First of all, you can indeed no longer trust your email provider if they are forced by law to conspire against you. There is nothing they can do about that.

Second, encrypted IMAP or HTTP connections do not help in this case: they only protect you from outside eavesdroppers. They hide nothing from the email provider and so they do not help against a government forcing the provider to cooperate.

However, encryption properly done on your machine, with only your communication partner (and not the email provider!) holding the decryption key, is practically unbreakable, even by the government-infiltrated email provider.

Use PGP or S/MIME and the content of your email is safe! (The subject line, sender, and recipient address are always revealed, though).

But do not rely on web clients provided by your email provider to do the encryption - these will be infiltrated also!
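What a provider, or anyone using an access interface at the provider, can read from a stored message with and without client-side encryption, as an added example that is not part of the original posts. The two sample messages and the helper name `provider_view` are constructed for illustration; the check looks only at the MIME structure and decrypts nothing.

```python
from email import message_from_string

# Constructed samples: messages as they sit on the provider's server.
PGP_MIME = """\
From: alice@example.org
To: bob@example.net
Subject: Meeting on Friday
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

PLAIN = """\
From: alice@example.org
To: bob@example.net
Subject: Meeting on Friday
Content-Type: text/plain; charset="utf-8"

See you at 10.
"""

def provider_view(raw):
    """Return what is readable without any private key (hypothetical helper)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    scheme = None
    if ctype == "multipart/encrypted" and msg.get_param("protocol") == "application/pgp-encrypted":
        scheme = "PGP/MIME"      # RFC 3156 structure
    elif ctype == "application/pkcs7-mime" and msg.get_param("smime-type") == "enveloped-data":
        scheme = "S/MIME"        # CMS enveloped data
    # These headers sit outside the encrypted MIME part, so the server reads them.
    exposed = {h: msg[h] for h in ("From", "To", "Cc", "Subject") if msg[h]}
    # Without client-side encryption, every text part is readable as stored.
    body = [] if scheme else [p.get_payload().strip() for p in msg.walk()
                              if p.get_content_maintype() == "text"]
    return {"scheme": scheme, "exposed_headers": exposed, "readable_body": body}
```

Run over a copy of your own Sent folder, a result with `scheme` set to `None` marks a message that left the client unencrypted.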

That's not what Posteo says about it, maybe you misunderstood that law, and I know that Posteo had some problems with authorities before and always defending their users. https://posteo.de/en/site/faq
Is Posteo affected by the reintroduction of data retention in Germany?

No, Posteo is not affected by data retention. (...)

Posteo does the best they can. They do a great job in fact!

You are correct in stating that "data retention" does not apply to email providers, only network providers (and I already wrote that in my first post).

But, like I wrote, Germany also requires all email providers to offer remote interfaces for government agencies to conveniently and secretly access their customers' email on demand.

No exception for Posteo: Posteo does a very good job trying to fend off the usage of these interfaces, but they cannot in all cases as their transparency report shows.

So, to summarize: data retention applies to German network providers, eavesdropping interfaces apply to German email providers, including Posteo, but hopefully not Fastmail.

First of all, you can indeed no longer trust your email provider if they are forced by law to conspire against you. There is nothing they can do about that.

Second, encrypted IMAP or HTTP connections do not help in this case: they only protect you from outside eavesdroppers. They hide nothing from the email provider and so they do not help against a government forcing the provider to cooperate.

However, encryption properly done on your machine, with only your communication partner (and not the email provider!) holding the decryption key, is practically unbreakable, even by the government-infiltrated email provider.

Use PGP or S/MIME and the content of your email is safe! (The subject line, sender, and recipient address are always revealed, though).

But do not rely on web clients provided by your email provider to do the encryption - these will be infiltrated also!

This is what I was trying to get across.

Now, I understand you. Of course, there is some leak of information even if the main content of your email is encrypted. The big problem, though, is that almost none of my correspondents are willing to go to the trouble of using client-to-client encryption. I have had PGP keys for such purposes for about 15 years, but (in that time) have used it with less than 1% of my email communications.

You could be right about it, I am not sure.
Posteo answered me that they don't post about these things in forums..., I told them that I only wanted to know the answer, not in forums, and that I was disappointed with that answer but no reply until now... Suspicious.

Quote:

Originally Posted by xor

Posteo does the best they can. They do a great job in fact!

You are correct in stating that "data retention" does not apply to email providers, only network providers (and I already wrote that in my first post).

But, like I wrote, Germany also requires all email providers to offer remote interfaces for government agencies to conveniently and secretly access their customers' email on demand.

No exception for Posteo: Posteo does a very good job trying to fend off the usage of these interfaces, but they cannot in all cases as their transparency report shows.

So, to summarize: data retention applies to German network providers, eavesdropping interfaces apply to German email providers, including Posteo, but hopefully not Fastmail.

I wonder what the legal situation is for your email stored on Fastmail servers that are based in the USA? Sure, the company personnel are in Australia, but they own a nexus in the USA (POBox.com) and store data in the USA. I can't claim to be a legal expert on this, but that would seem to indicate that at least some US laws would apply as they do to any other foreign company doing business in another country.

OT a bit, but let's pretend we are government spies and we are looking for something suspicious and we have a list of everyone and their email services they are using. My own attention might be immediately drawn to those using services like Proton Mail or Tutanota as obviously those people feel they have something to hide. Maybe the spies can't directly read the email, but knowing who is sending messages and to whom might be information equally as valuable. Not saying this is right or wrong, but it just makes sense.